HA active-active

dbanaresdbanares Member
Hi,

I have two AX3000, I want to have an HA active-active deployment. Is this possible in Large Scale NAT implementation? If that so, can you give me some example configuration.

Thanks,

Dannel

Comments

  • edited February 2014
    Hi Dannel,

    That's indeed also possible with LSN implementation.
    And the configuration is the very same as what you did on your SLB active-active deployment.
    You simply configure:
    . HA with preempt
    . 2 HA groups with different priorities => AX1 is active on 1 group and standby on the other group
    . 2 HA Floating VIP => each device receives the traffic it's supposed to receive

    I attached a config sample as example.
    Dimitri
  • dbanaresdbanares Member
    edited February 2014
    Hi,

    Do I need also a VIP for my outside interface?

    Thanks,
  • dshindshin Member
    edited February 2014
    Hi Dannel,

    Can you please elaborate your question? LSN will not allow VIP in the configuration. The way LSN works is by selecting an IP address from the NAT pool and using it as a source for the session(outbound connection).

    Regards,

    Genard
  • dbanaresdbanares Member
    edited February 2014
    Hi,

    What I mean is, floating IP for my outside interface. Like I said, I have two AX3000 and I want to have active-active deployment. One AX is deployed to my main site and one AX is deployed to other site, and I have a dedicated link to connect each AX for the HA interface.

    I have attached a sample topology.

    Thanks,

    Dannel
  • dbanaresdbanares Member
    edited February 2014
    Sorry, here's the attachment.
  • edited February 2014
    Looking at your diagram, it does not seem like the two boxes can be in HA. If box 1 touches the outside and box 2 only touch in the inside, they are really more like 2 stand alone boxes. You have single points of failure. Maybe I just don't understand your diagram.
  • dtidwelldtidwell Member
    edited February 2014
    Agreed, I can't see how HA is achieved with the sample topology. Also, it's unclear what sorts of failures you are trying to protect against.

    For the floating IP to work effectively, the AX devices need to share the same L2 domain that you want the floating IP to be on. From the diagram, it looks like the core switches need to be connected. This would allow trunking of both the internal and external VLANs the AX's are connecting to.
  • dbanaresdbanares Member
    edited February 2014
    Yes, you are right dtidwell. I just forgot to put a link in two core switch in my diagram, but they are in L2 mode. All the vlans from Main office are extended to the branch office, and vice versa.

    Now I'm getting the idea.

    Thanks,

    Dannel
Sign In or Register to comment.